Levi Villarreal Levi Villarreal - 3 months ago 11
HTML Question

PHP contact form sends message through senders address

Recently I've been having problems with my PHP contact form. It's worked great for about two years, and I haven't changed anything, so I don't really understand what the problem is. Here's the code:

<?php

// Check for header injections
function has_header_injection($str) {
return preg_match ( "/[\r\n]/", $str );
}

if(isset ($_POST['contact_submit'])) {

$name = trim($_POST['name']);
$email = trim($_POST['email']);
$tel = trim($_POST['tel']);
$msg = $_POST['message'];

// check to see if name or email have header injections
if (has_header_injection($name) || has_header_injection($email)){

die();

}

if ( !$name || !$email || !$msg ) {

echo '<h4 class="error">All Fields Required</h4><a href="page.php" target="_blank" class="button link">Go back and try again</a>';
exit;

}

// add the recipient email to a variable
$to = "example@example.net";

// Create a subject
$subject = "$name sent you an email";

// construct your message
$message .= "Name: $name sent you an email\r\n";
$message .= "Telephone: $tel\r\n";
$message .= "Email: $email\r\n\r\n";
$message .= "Message:\r\n$msg";



$message = wordwrap(message, 72);

// set the mail header
$headers = "MIME=Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "\r\nFrom: " . $name . " \r\n\r\n" . $tel . " \r\n\r\n " . $msg . "\r\n\r\n <" . $email . "> \r\n\r\n";
$headers .= "X-Priority: 1\r\n";
$headers .= "X-MSMail-Priority: high\r\n\r\n";

// Send the Email
mail( $to, $subject, $message, $headers );

?>

<!--- END PHP CONTACT FORM -->

<!-- Show Success message -->
<h2>Thanks for contacting Us!</h2>
<p align="center">Please allow 24 hours for a response</p>
<p><a href="index.php" class="button block">&laquo; Go to Home Page</a></p>

<?php } else { ?>

<form method="post" action="" id="contact-form">

<label for="name">Your Name</label>
<input type="text" id="name" name="name">

<label for="tel">Your Phone Number</label>
<input type="tel" id="tel" name="tel">

<label for="email">Your Email</label>
<input type="email" id="email" name="email">

<label for="message">the date/time you wish to sign up for</label>
<textarea id="message" name="message"></textarea>
<br>

<input type="submit" class="button next" name="contact_submit" value="Sign Up">




</form>

<?php } ?>


However, when the contact form is submitted, instead of sending the information to the body of the email, it sends it in the "From" section of the email. For example, the email might say:

To: Web Developer

From: Bob Smith 888-888-8888 mondays, wednesdays fridays

Subject: Bob Smith sent you an email!

Body:

X-Priority: 1X-MSMail-Priority: high

message

I don't really know what's going on, so any help would be appreciated!

Answer

You are adding all that info in the "from" header.

$headers .= "\r\nFrom: " . $name . " \r\n\r\n" . $tel . " \r\n\r\n " . $msg . "\r\n\r\n <" . $email . "> \r\n\r\n";

Change your headers to this:

$headers = "MIME=Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "From: {$name} <{$email}>\r\n"; // Removed all extra variables
$headers .= "X-Priority: 1\r\n";
$headers .= "X-MSMail-Priority: high\r\n";

and it should work.

You are already sending the $message, containing all the above data in the body as well.

Why you haven't experienced this before is however a mystery.

NOTE: You only need to have one \r\n after each header.

You should also change this row:

$message = wordwrap(message, 72);

to

$message = wordwrap($message, 72); // Adding $ in front of the variable.